Ursnif Trojan is back with fileless persistence

Researchers warn about a new wave of attacks with an information-stealing Trojan called Ursnif that uses PowerShell and fileless execution mechanisms, making it harder to detect. Some of the attacks also deploy the GandCrab ransomware.

Ursnif, also known as Dreambot, has been around for some time and initially focused on stealing emails and online banking credentials from browsers. However, the Trojan has modules that extend its functionality and has recently been used to deploy other malware as well.